Amazines Free Article Archive
www.amazines.com - Tuesday, July 14, 2020
Read about the most recent changes and happenings at Amazines.com
Log into your account or register as a new author. Start submitting your articles right now!
Search our database for articles.
Subscribe to receive articles emailed straight to your email account. You may choose multiple categories.
View our newest articles submitted by our authors.
View our most top rated articles rated by our visitors.
* Please note that this is NOT the ARTICLE manager
Add a new EZINE, or manage your EZINE submission.
Add fresh, free web content to your site such as newest articles, web tools, and quotes with a single piece of code!
Home What's New? Submit/Manage Articles Latest Posts Top Rated Article Search
Google
Subscriptions Manage Ezines
CATEGORIES
 Article Archive
 Advertising (133370)
 Advice (161095)
 Affiliate Programs (34743)
 Art and Culture (73731)
 Automotive (145711)
 Blogs (75128)
 Boating (9843)
 Books (17221)
 Buddhism (4126)
 Business (1329061)
 Business News (426354)
 Business Opportunities (366312)
 Camping (10966)
 Career (72751)
 Christianity (15847)
 Collecting (11638)
 Communication (115066)
 Computers (241959)
 Construction (39001)
 Consumer (49683)
 Cooking (17064)
 Copywriting (6600)
 Crafts (18205)
 Cuisine (7543)
 Current Affairs (20412)
 Dating (45787)
 EBooks (19689)
 E-Commerce (48215)
 Education (185295)
 Electronics (83506)
 Email (6400)
 Entertainment (159866)
 Environment (28941)
 Ezine (3039)
 Ezine Publishing (5449)
 Ezine Sites (1550)
 Family & Parenting (110919)
 Fashion & Cosmetics (196413)
 Female Entrepreneurs (11844)
 Feng Shui (131)
 Finance & Investment (310421)
 Fitness (106327)
 Food & Beverages (62909)
 Free Web Resources (7938)
 Gambling (30231)
 Gardening (25139)
 Government (10526)
 Health (629843)
 Hinduism (2206)
 Hobbies (44053)
 Home Business (91570)
 Home Improvement (251401)
 Home Repair (46160)
 Humor (4832)
 Import - Export (5453)
 Insurance (45144)
 Interior Design (29576)
 International Property (3485)
 Internet (190995)
 Internet Marketing (146415)
 Investment (22840)
 Islam (1167)
 Judaism (1356)
 Law (80573)
 Link Popularity (4595)
 Manufacturing (20845)
 Marketing (98885)
 MLM (14136)
 Motivation (18216)
 Music (27012)
 New to the Internet (9494)
 Non-Profit Organizations (4048)
 Online Shopping (129642)
 Organizing (7803)
 Party Ideas (11857)
 Pets (38078)
 Poetry (2234)
 Press Release (12681)
 Public Speaking (5634)
 Publishing (7526)
 Quotes (2407)
 Real Estate (126637)
 Recreation & Leisure (95349)
 Relationships (87569)
 Research (16163)
 Sales (80329)
 Science & Technology (110240)
 Search Engines (23483)
 Self Improvement (153124)
 Seniors (6235)
 Sexuality (35945)
 Small Business (49309)
 Software (83001)
 Spiritual (23473)
 Sports (116109)
 Tax (7659)
 Telecommuting (34066)
 Travel & Tourism (307748)
 UK Property Investment (3121)
 Video Games (13428)
 Web Traffic (11735)
 Website Design (56838)
 Website Promotion (36586)
 World News (1000+)
 Writing (35782)
Author Spotlight
PAUL RICE

hello everyone l been on the net since 2000 and enjoy my work l work as an affiliate and also have w...more
ELLISEN WANG

I'm Ellisen, nice to meet you! Obviously you're here because you want to know who I am. Wel...more
ANISH SAH

My Name is Anish Sah, I am an Internet Marketing and SEO Expert, Social Media Guru and young Entrepr...more
PHILIP MODY

A. BOOK PUBLISHED: Title of Book Publisher ISBN & Year Status of Publisher 1. Role of Gi...more
DAMIAN POWELL

Demonstrated exceptional leadership in the government and private sector at an executive level. Skil...more


Security threats explained internal excessive privilege - Electronic Price Computing Scale Manufact by he ni





Article Author Biography
Security threats explained internal excessive privilege - Electronic Price Computing Scale Manufact by
Article Posted: 09/05/2015
Article Views: 652
Articles Written: 1145
Word Count: 919
Article Votes: 0
AddThis Social Bookmark Button

Security threats explained internal excessive privilege - Electronic Price Computing Scale Manufact


 
Business,Business News,Business Opportunities
In this series, Computerworld Australia examines some of the information security threats facing small businesses and larger enterprises today.

We’ve looked at

Whether it’s a system administrator with complete access to servers and data or an executive who retains excessive access rights after changing roles, these people could pose an internal threat if they turn against the company.

For example, employees could find themselves locked out of their own networks while customer data files vanish, trade secrets get stolen or company funds are siphoned out of the business.

IT admins gone wild:

The threat of internal excessive privilege

While organisations spend large amounts of money trying to defend their perimeters from being breached by external malicious actors, the defensive strategies put in place are not effective at protecting the organisation from within, according to IDC Australia senior market analyst, Vern Hue.

“When a rogue employee has access rights to various, and deep-lying parts of the business --most often due to employees being with the organisation for a long period of time and changing roles as they go along-- access to other parts of the system remains,” he says.

According to Hue, this is because many organisations do not have the right processes in place to remove access rights to that previous role.

“This allows the employee to be in a position of siphoning precious information out and hold it against the organisation for a ransom, or to sell it in the black market,” he says.

The risks of allowing staff access to certain systems can range from the employee destroying data that they should not have access to through to the entire corporate environment becoming compromised, according to Pure Hacking chief technology officer, Ty Miller. “This is a common scenario found by our security consultants where organisations are creating excessive numbers of domain administrator accounts,” says Miller.

“These accounts have complete control over every Windows workstation, laptop and server throughout the corporate environment. When these accounts are compromised, the resulting impact can have devastating consequences on the organisation.”

Extent of the threat

IDC’s Hue warns that some well-known financial institutions have taken hits to both the bottom line and reputation as a result of rogue traders with excessive privileges. For example, French bank, Sociate Generale, was thrown into turmoil in 2008 when one of their traders, who breached five levels of controls, executed a series of fictitious transactions which resulted in US$7 billion of losses.

“That said trader was reported to have worked in the risk management office, before moving into a trading role,” he says. According to Trend Micro Australia and New Zealand alliances manager, Adam Biviano, the risk is not just from intentional misuse of the company data. For example, an administrator might be in the process of repairing a server and copies a critical database to a USB drive. “Once the server is fixed and the data is no longer needed on the USB drive, is it actually deleted? Or is it thrown in the drawer as is, only to be used by someone else down the track who misplaces it in public,” he says.

Addressing internal excessive privilege

Businesses need to reassess how they look at addressing internal excessive privilege by shifting away from viewing it as a compliance and government requirement to making it more about a risk management exercise, says IDC’s Hue.

“The shift in mentality has to start with the C-level executives, and helping them understand the risks associated with not having proper access governance programmes,” he says.

Hue adds that companies can also conduct both external penetration tests [EPT] and internal penetration tests [IPT].

“These penetration tests would be deployed in order to mimic vulnerabilities which lay outside, and within the firewall,” he says.

IPT is conducted from the vantage point of an internal user and using the network access a typical users has, and from this point, the organisation is able to see how far privileges can be escalated and how much information within the network is at risk of a breach.

“This gives the team a view of their current security posture and it helps validate their security controls which are in place,” says Hue.

Pure Hacking’s Miller provided five key steps for organisations to address the issues surrounding excessive internal privileges.

Security policies, processes and system security guidelines should be developed to ensure that security is being implemented effectively and only the necessary privileges are provided to employees.

System configurations should also be locked down so that least privileges security is being used to minimise the risk of unnecessary privileges being abused.

Hackers perform privilege escalation attacks that are designed to gain unauthorised access to systems and data. Systems should be patched and hardened on a monthly basis to ensure that these types of attacks are not possible.

Penetration tests should be performed to identify insecure access controls, privilege levels, and privilege escalation vulnerabilities within systems and applications.

Organisations should review all users’ privileges on a regular basis to ensure that accounts only have access to the functionality and data that they require access to.

Follow Hamish Barwick on Twitter:

Follow Computerworld Australia on Twitter:

I am an expert from electronicbalancescale.com, while we provides the quality product, such as Electronic Price Computing Scale Manufacturer , Plastic Measuring Cup, Electronic Precision Balance,and more.

Related Articles - Electronic Price Computing Scale Manufacturer, Plastic Measuring Cup,

Email this Article to a Friend!

Receive Articles like this one direct to your email box!
Subscribe for free today!

 Rate This Article  
Completely useless, should be removed from directory.
Minimal useful information.
Decent and informative.
Great article, very informative and helpful.
A 'Must Read'.

 

Do you Agree or Disagree? Have a Comment? POST IT!

 Reader Opinions 
Submit your comments and they will be posted here.
Make this comment or to the Author only:
Name:
Email:
*Your email will NOT be posted. This is for administrative purposes only.
Comments: *Your Comments WILL be posted to the AUTHOR ONLY if you select PRIVATE and to this PUBLIC PAGE if you select PUBLIC, so write accordingly.
 
Please enter the code in the image:



 Author Login 
LOGIN
Register for Author Account

 

Advertiser Login

 

ADVERTISE HERE NOW!
   Limited Time $60 Offer!
   90  Days-1.5 Million Views  

 

Great Paranormal Romance


GENE MYERS

Author of four books and two screenplays; frequent magazine contributor. I have four other books "in...more
STEPHEN BYE

Steve Bye is currently a fiction writer, who published his first novel, ‘Looking Forward Through The...more
STEVERT MCKENZIE

Stevert Mckenzie, Travel Enthusiast. ...more
MICHAEL MIFSUD

Michael Mifsud was a House of Commons Commonwealth correspondent at the age of 16. He published Brit...more
ADRIAN JOELE

I have been involved in nutrition and weight management for over 12 years and I like to share my kn...more
LARRY WHITTLER

Author of Wrestler/That Dog Hunts; Available at the Kindle Store ...more
SUSAN FRIESEN

Susan Friesen, founder of the award-winning web development and digital marketing firm eVision Media...more
LAURA JEEVES

At LeadGenerators, we specialise in content-led Online Marketing Strategies for our clients in the t...more
JOANNE IRELAND

Joanne Ireland, a 30-year veteran of the meeting and event planning industry, is Founder and Preside...more
TIM FAY

I am not a writer nor am I trying to become a writer. I am an average person with average intelligen...more

HomeLinksAbout UsContact UsTerms of UsePrivacy PolicyFAQResources
Copyright © 2020, All rights reserved.
Some pages may contain portions of text relating to certain topics obtained from wikipedia.org under the GNU FDL license